Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for CEL policy conditions #316

Merged
merged 47 commits into from
Sep 27, 2023
Merged

Add support for CEL policy conditions #316

merged 47 commits into from
Sep 27, 2023

Commits on Sep 26, 2023

  1. Initial commit of CEL policy work 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    f98e600 View commit details
    Browse the repository at this point in the history

  2. Add a few custom CEL functions 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    e0d35d0 View commit details
    Browse the repository at this point in the history

  3. Make policies work with legacy way of reporting violations 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    9d735c5 View commit details
    Browse the repository at this point in the history

  4. Implement is_dependency_of CEL function 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    6703e62 View commit details
    Browse the repository at this point in the history

  5. Support vuln aliases in CEL policies 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    fe0a3ed View commit details
    Browse the repository at this point in the history

  6. Few minor adjustments 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    fee1f46 View commit details
    Browse the repository at this point in the history

  7. Return CEL errors in API response 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    b95d72a View commit details
    Browse the repository at this point in the history

  8. Fix some vulnerability fields not being fetched for policies 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    2f6c2e3 View commit details
    Browse the repository at this point in the history

  9. Bump versatile to 0.3.0 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    07c42fa View commit details
    Browse the repository at this point in the history

  10. Use AST visitor to determine which fields are accessed for any given … 

    …type

Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    8634563 View commit details
    Browse the repository at this point in the history

  11. Cleanup 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    086f70a View commit details
    Browse the repository at this point in the history

  12. Cleanup 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    e956ca4 View commit details
    Browse the repository at this point in the history

  13. WIP: Loading of required fields; Project policy evaluation 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    d2c4841 View commit details
    Browse the repository at this point in the history

  14. Improve violation reconciliation for projects 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    26c1a4b View commit details
    Browse the repository at this point in the history

  15. Add test with bloated BOM to debug performance bottlenecks 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    5f56384 View commit details
    Browse the repository at this point in the history

  16. Disable DataNucleus L1 cache for policy reconciliation 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    2016e0e View commit details
    Browse the repository at this point in the history

  17. Add field mapping tests 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    40e9218 View commit details
    Browse the repository at this point in the history

  18. Handle implicit policy script requirements for custom functions 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    1994988 View commit details
    Browse the repository at this point in the history

  19. Minor readability and code documentation improvements 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    3ec5f3b View commit details
    Browse the repository at this point in the history

  20. Fetch data for policy violation notifications in a single query 

    DataNucleus on its own loads too much data, and does so using too many queries.

Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    489d1c5 View commit details
    Browse the repository at this point in the history

  21. Perform violation reconciliation using direct JDBC access 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    68d54a9 View commit details
    Browse the repository at this point in the history

  22. Include strings library in CEL policy environment 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    eb8c458 View commit details
    Browse the repository at this point in the history

  23. Cleanup; Support project properties, tags, and vulnerability aliases 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    3d1a436 View commit details
    Browse the repository at this point in the history

  24. Add test to verify that all fields can be loaded 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    e1f3419 View commit details
    Browse the repository at this point in the history

  25. Add remaining fields to testWithAllFields 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    499e97d View commit details
    Browse the repository at this point in the history

  26. Add test for vuln severity evaluation 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    047d5a5 View commit details
    Browse the repository at this point in the history

  27. Remove un-implemented depends_on function; Add proper logging for c… 

    …ustom functions

Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    e824c5c View commit details
    Browse the repository at this point in the history

  28. Handle invalid scripts and script runtime failures 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    7978c1e View commit details
    Browse the repository at this point in the history

  29. Add escapeQuotes for CEL script builders 

    Using `escapeJson` doesn't work quite right when special characters / regular expressions are provided. All we need is prevention of "breaking out" of strings, so escaping double quotes alone is sufficient.

Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    2f37004 View commit details
    Browse the repository at this point in the history

  30. Add tests for some legacy conditions 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    ff9d52f View commit details
    Browse the repository at this point in the history

  31. More tests for CelPolicyEngine 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    706922c View commit details
    Browse the repository at this point in the history

  32. Add more tests; Implement script cache bypass for REST API interactions 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    0452d00 View commit details
    Browse the repository at this point in the history

  33. Add tests for hash policy (#326) 

    * added tests for hash policy

Signed-off-by: mehab <[email protected]>

* updated tests

Signed-off-by: mehab <[email protected]>

---------

Signed-off-by: mehab <[email protected]>
    @mehab @nscuro
    mehab authored and nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    b1c4b0a View commit details
    Browse the repository at this point in the history

  34. Add version cel policy script builder (#324) 

    * Add version cel policy script builder

Signed-off-by: vithikashukla <[email protected]>

* add version support for coordinates cel policy

Signed-off-by: vithikashukla <[email protected]>

* Added unit test for version policy script builder

Signed-off-by: vithikashukla <[email protected]>

* added coordninates condition test

Signed-off-by: vithikashukla <[email protected]>

* added coordinates condition test

Signed-off-by: vithikashukla <[email protected]>

---------

Signed-off-by: vithikashukla <[email protected]>
Co-authored-by: vithikashukla <[email protected]>
    @VithikaS @nscuro
    2 people authored and nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    9487edb View commit details
    Browse the repository at this point in the history

  35. Fix new UNIQUE constraint breaking existing behavior 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    f012cfa View commit details
    Browse the repository at this point in the history

  36. Add feature flag for CEL policy engine 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    4310a80 View commit details
    Browse the repository at this point in the history

  37. Add UpgradeItem to update type of "POLICYCONDITION"."VALUE" to `T… 

    …EXT`

Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    ae9f067 View commit details
    Browse the repository at this point in the history

  38. Handle policy evaluation for individual components 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    5a5dcf7 View commit details
    Browse the repository at this point in the history

  39. added unit tests for cwe cel policy 

    Signed-off-by: mehab <[email protected]>
    @mehab @nscuro
    mehab authored and nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    88ad93e View commit details
    Browse the repository at this point in the history

  40. Add license condition test (#332) 

    * Add version cel policy script builder

Signed-off-by: vithikashukla <[email protected]>

* add version support for coordinates cel policy

Signed-off-by: vithikashukla <[email protected]>

* Added unit test for version policy script builder

Signed-off-by: vithikashukla <[email protected]>

* added coordninates condition test

Signed-off-by: vithikashukla <[email protected]>

* added coordinates condition test

Signed-off-by: vithikashukla <[email protected]>

* added more conditions to test

Signed-off-by: vithikashukla <[email protected]>

* Added license condition test

Signed-off-by: vithikashukla <[email protected]>

* Update src/main/java/org/dependencytrack/policy/cel/CelPolicyEngine.java

Co-authored-by: Niklas <[email protected]>
Signed-off-by: VithikaS <[email protected]>

* Added license group condition test

Signed-off-by: vithikashukla <[email protected]>

* updated comment

Signed-off-by: vithikashukla <[email protected]>

---------

Signed-off-by: vithikashukla <[email protected]>
Signed-off-by: VithikaS <[email protected]>
Co-authored-by: vithikashukla <[email protected]>
Co-authored-by: Niklas <[email protected]>
    @VithikaS @nscuro
    3 people committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    d6eb71b View commit details
    Browse the repository at this point in the history

  41. Fix projection mapping for Double / BigDecimal fields 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    0f4c0a8 View commit details
    Browse the repository at this point in the history

  42. support wildcard 

    Signed-off-by: vithikashukla <[email protected]>
    vithikashukla committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    8f36c64 View commit details
    Browse the repository at this point in the history

  43. Merge pull request #333 from DependencyTrack/edge-cases-for-coordiate… 

    …-policy

support wildcard
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    0c47b4f View commit details
    Browse the repository at this point in the history

  44. Add buf config and workflow 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    94eb8fc View commit details
    Browse the repository at this point in the history

  45. Change Proto package from hyades to dependencytrack 

    As this feature will be backported, we need to make sure policies will be compatible once folks start upgrading to Hyades.

Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 26, 2023
    Configuration menu
    Copy the full SHA
    1d78e4b View commit details
    Browse the repository at this point in the history

Commits on Sep 27, 2023

  1. Fix failing tests due to Proto package change 

    Signed-off-by: nscuro <[email protected]>
    @nscuro
    nscuro committed Sep 27, 2023
    Configuration menu
    Copy the full SHA
    2b035e4 View commit details
    Browse the repository at this point in the history

  2. Un-ignore cyclonedx.proto from breaking changes check 

    Signed-off-by: Niklas <[email protected]>
    @nscuro
    nscuro committed Sep 27, 2023
    Configuration menu
    Copy the full SHA
    39664d5 View commit details
    Browse the repository at this point in the history